Random MAC addresses working in Network Manager 1.4.2
505 views
Skip to first unread message
Chris Laprise
Oct 3, 2016, 3:05:55 PM10/3/16
to qubes-users
Network Manager 1.4.2 has been testing very well for me the last few days...
This new version appears to randomize MAC addresses properly, and the
feature set has evolved to the point where the randomization process is
managed in a more holistic way. For example, you can specify a
cloned-mac-address type of 'stable', and this will generate a random MAC
(for a given access point) and store it for use with the same AP in the
future. Setting it to 'random' will generate a random MAC each time it
connects, instead of remembering the address. You can also specify
bitmasks for randomization.
When disconnected, the MAC is changed regularly at a set interval.
Randomizing also works for ethernet, and is handled entirely by NM just
like it is now for wifi.
The network-manager 1.4.2 package is in Debian unstable repo and its not
hard to install in Debian stretch/9. I do recommend removing your old NM
connection profiles after upgrading, as randomization (while connected)
didn't work for me until I started with fresh connection settings
(created a new netvm). After installing, edit
/etc/NetworkManager/NetworkManager.conf in the template and add lines like:
[device-scan]
wifi.scan-rand-mac-address=yes
[connection]
wifi.cloned-mac-address=random
Then stop the template and restart the netvm.
More details here:
https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/
https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html
man nm-settings
https://github.com/QubesOS/qubes-issues/issues/938
Chris
This new version appears to randomize MAC addresses properly, and the
feature set has evolved to the point where the randomization process is
managed in a more holistic way. For example, you can specify a
cloned-mac-address type of 'stable', and this will generate a random MAC
(for a given access point) and store it for use with the same AP in the
future. Setting it to 'random' will generate a random MAC each time it
connects, instead of remembering the address. You can also specify
bitmasks for randomization.
When disconnected, the MAC is changed regularly at a set interval.
Randomizing also works for ethernet, and is handled entirely by NM just
like it is now for wifi.
The network-manager 1.4.2 package is in Debian unstable repo and its not
hard to install in Debian stretch/9. I do recommend removing your old NM
connection profiles after upgrading, as randomization (while connected)
didn't work for me until I started with fresh connection settings
(created a new netvm). After installing, edit
/etc/NetworkManager/NetworkManager.conf in the template and add lines like:
[device-scan]
wifi.scan-rand-mac-address=yes
[connection]
wifi.cloned-mac-address=random
Then stop the template and restart the netvm.
More details here:
https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/
https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html
man nm-settings
https://github.com/QubesOS/qubes-issues/issues/938
Chris
Chris Laprise
Oct 11, 2016, 12:11:46 PM10/11/16
to qubes...@googlegroups.com
Simply upgrading the template to debian 9 should provide all the
randomizing features that NM offers.
https://www.qubes-os.org/doc/debian-template-upgrade-8/
Chris
Andrew
Oct 12, 2016, 6:39:05 AM10/12/16
to qubes...@googlegroups.com
Chris Laprise:
Thanks for the heads-up! I just replaced my very hacky, years-old MAC
randomization setup with debian-9 with NetworkManager 1.4.2.
As you say, I needed to re-create my connection profiles, but that's a
trivial matter. Everything seems to work as promised!
I am _so_ glad that MAC randomization will finally be available to Qubes
users, and that closing this tracking ticket is finally within sight! :)
Qubes devs: What would it take to make this the default? Is the problem
simply that it requires Debian stretch? Further, since everything works
as-is with Debian, why not make Debian the default template for service
VMs? Not only is it nice for having longer release cycles, but moving
to this default will save most people a nice chunk of disk space.
Andrew
randomization setup with debian-9 with NetworkManager 1.4.2.
As you say, I needed to re-create my connection profiles, but that's a
trivial matter. Everything seems to work as promised!
I am _so_ glad that MAC randomization will finally be available to Qubes
users, and that closing this tracking ticket is finally within sight! :)
Qubes devs: What would it take to make this the default? Is the problem
simply that it requires Debian stretch? Further, since everything works
as-is with Debian, why not make Debian the default template for service
VMs? Not only is it nice for having longer release cycles, but moving
to this default will save most people a nice chunk of disk space.
Andrew
Reply all
Reply to author
Forward
0 new messages